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DETAILED ACTION 



1 . This action is responsive to communications: application, filed 9/24/2003; 
amendment filed 3/7/2005. 

2. Claims 1-9, 12-19 are pending in the case. 



3. Applicants' arguments with respect to claim rejections have been fully 
considered, but they are not persuasive. 

3.1. Rejection under 35 U.S. C. 112: 



Rejection under section 1 12 is withdrawn die to amendments by the applicant. 
3.2. Rejection under 35 U.S.C. 102: 

Applicant argues Ziai, the cited prior art, does not teach or suggest each and every 
limitation of claim 1. In particular, applicant argues Ziai does not teach: "a shared input 
buffer associated a plurality of input ports." However, as indicated in the first office 



Response to Arguments 
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action, Ziai's item 403 teaches the said limitation. As shown in Fig. 4 and associated 
text, item 403 is clearly an input buffer. As shown in col. 7 lines 24-39, this buffer is a 
queue that packets waiting to be sent to the IPSec decryption accelerator are stored. 
Therefore all IP packets are headed for this buffer. As indicated in col. 4 lines 47-67 
and/or col. 1 lines 48-60, Ziai's system works with both TCP and UDP protocol, as well 
as other transport protocols. TCP and UDP both run on top of the IP protocol, and have 
different ports. Therefore, the 403 buffer is shared as a packet queue for at least both 
the TCP and UDP packets. Therefore, item 403 is a shared input buffer associated a 
plurality of input ports. 

Applicant further argues: Ziai does not teach: "a security association lookup unit configured 
to identify a security association address in a first portion of the address space associated with 
the cryptography accelerator by using header information, the first portion of the address space 
corresponding to bus controller memory." However, item 308 is a Security Policy Database 
(SPD), and item 309 is a Security Association Database (SAD), which as described in 
the cited column 6, lines 17-43, determines the security policies associated with the 
received packet. The policy is looked up based on a reference provided by the SPD. As 
shown in col. 6 lines 4-17, the SPD is indexed according to packet header information. 
Therefore, the SPD and SAD lookup a security association for the packet based on the 
packet header information. To lookup data within a database, the address of the data 
must be identified. The SAD and SPD are associated with the decryption accelerator 
(cryptography accelerator), as shown in Fig. 4. Therefore, the identified security 



Application/Control Number: 10/669,452 Page 4 

Art Unit: 2132 

association is found in the address space associated with the cryptography accelerator. 
Also, Fig. 4 shows that the SAD, SPD and decryption accelerator are associated with 
the Direct Memory Access (DMA) Controller, item 410, which control and facilitates 
access to memory. Therefore, Ziai teaches a security association lookup unit configured 
to identify a security association address in a first portion of the address space 
associated with the cryptography accelerator by using header information, the first 
portion of the address space corresponding to bus controller memory. 

Based on the discussion above, applicant's argument relative to allowability of claims 1- 
9 is found non persuasive. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-9, 12-19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Ziai (US Patent No. 7,017,042, filed June 14, 2001). 
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5.1 . As per claim 1 , Ziai is directed to a cryptography accelerator (abstract, or items 
402 or 41 1 in Fig. 4), comprising: an input port configured to receive a data sequence 
comprising header information and payload information from an entity external to the 
cryptography accelerator (Fig, 4, items 401 or 412 and associated text describe a 
network interface which receives/sends data packets from/to the network); a shared 
input buffer associated with a plurality of input ports, the shared input buffer configured 
to hold payload information associated with the data received by the plurality of input 
ports (Fig. 4, items 403 or 419 and associated text); and a security association lookup 
unit configured to identify a security association address in a first portion of the address 
space associated with the cryptography accelerator by using header information (col. 6, 
line 17-43), the first portion of the address space corresponding to bus controller 
memory wherein the security association lookup unit is operable to acquire the security 
association information from bus controller memory (the security association information 
is obtained from the IPSEC security association data base (item 420, Fig. 4), which 
works with the cryptographic accelerator (item 402 or 41 1) and is associated with the 
DMA controller. DMA controller takes control of the bus and memory for data transfer 
between devices). 

5.2. As per claim 2, Ziai is directed to the cryptography accelerator of claim 1 , 
wherein the security association lookup unit identifies the security association address 
using header information associated with the received data sequence (col. 6, line 4-10). 
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5.3. As per claim 3, Ziai is directed to the cryptography accelerator of claim 2, 
wherein the security association lookup unit identifies the security association address 
by performing a hash on the header information (see response to claim 2, and note that 
hashing to create an index to identify the address of data located in memory was a 
standard and widely used procedure in database systems at the time of invention). 

5.4. As per claim 4, Ziai is directed to the cryptography accelerator of claim 2, 
wherein the security association lookup unit identifies the security association address 
by performing a hash using a source address, a destination address, a SPI, a source 
port number, and a destination port number (see response to claim 2 and col. 6, lines 4- 
10). 

5.5. As per claim 5, Ziai is directed to the cryptography accelerator of claim 4, 
wherein the hash further uses protocol information and a version number (per col. 6, 
line 4-10, the information used to determine the security association address is IP 
addresses. Therefore, the protocol data (IP) and its version (IP version 4 and IP version 
6 have different addressing scheme) are part of information). 

5.6. As per claim 6, Ziai is directed to the cryptography accelerator of claim 1 , 
wherein the first portion of the address space is a HyperTransport address space 
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(HyperTransport links connect devices in ICs. Item 415 in Fig. 4 is a link between IC 
devices, and is separate from the system bus (col. 7, line 65-70). 

5.7. As per claim 7, Ziai is directed to the cryptography accelerator of claim 1 , 
wherein the first portion of the address space is a Peripheral Components Interface 
(PCI) address space (Fig. 4 item 405 is a peripheral memory, with a peripheral address 
space). 

5.8. As per claim 8, Ziai is directed to the cryptography accelerator of claim 7, 
wherein a second portion of the address space corresponds to a system memory 
address space, the random access memory coupled to a CPU external to the 
cryptography accelerator (Fig. 3A item 307 and associated text, which is a memory 
separate from the accelerator memory space). 

5.9. As per claim 9, Ziai is directed to the cryptography accelerator of claim 8, 
wherein a third portion of the address space corresponds to on-chip memory (col. 4, line 
62-66). 

5.10. Claims 10 and 11 were cancelled by the applicant. 

5.11. Limitations of claims 1 2-1 9 are substantially the same as limitations of claims 1 -9 
above, and noting that Ziai teaches processing the second packet without waiting for 
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the result of the read request for the first packet. This is taught by Ziai in col. Line 1-3, 
where it is determined if the packet requires IPSec processing. Per col. 6 lines 4-16, 
packets that do not require IPSec processing may bypass the decryption process 
performed by the accelerator, and therefore be processed without waiting for result of 
the packets in front of it that require IPSec processing and decryption. Ziai also teaches 
plurality of cryptographic processing data paths as required by claim 13. As shown in 
col. 6 lines 17 to col. 7 line 24, packets go through different paths based on their 
security policy needs. For example, packets with ESP mode have different processing 
requirements than those with AH protocol. Note that the purpose of Ziai's invention is to 
free up system resources from having to wait for the results, or perform the 
cryptographic process requirements, by deploying additional cryptographic accelerators. 

Conclusion 

6. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
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extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action.. 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Farid Homayounmehr whose telephone number is (571) 
272-3739. The examiner can be normally reached on 9 hrs Mon-Fri, off Monday 



If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 
Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 
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Farid Homayounmehr 
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